Browse All Posts (130)
rusteinberg explains how Microsoft Fabric sensitivity labels (defined in Microsoft Purview) can do more than enforce access control: they can also act as guidance signals for AI skills and agents, helping them choose the right data sources and avoid mixing sensitive and non-sensitive contexts in answers.
Microsoft Security Team summarizes five takeaways from Frost & Sullivan’s 2025 Frost Radar on CSPM, focusing on how posture management is shifting from periodic compliance checks to continuous, risk-based governance across CNAPP platforms, with implications for DevSecOps, SOC workflows, and multicloud environments.
John Edward explains how Azure’s “Agentic Agents” can support resilient cloud operations across migration planning, observability, and continuous optimization. The article focuses on turning telemetry into actionable guidance, reducing alert fatigue, improving root-cause analysis, and driving cost, performance, security, and sustainability improvements in Azure environments.
John Savill recaps the major Microsoft AI updates from June 2026, spanning new model availability on Azure, Azure AI Foundry capabilities (agents, evaluations, tracing, memory), and GitHub Copilot updates including a desktop app and an SDK.
Waldek Mastykarz shares results from running 150 agent tasks comparing Claude Sonnet 4.6 vs Sonnet 5 inside GitHub Copilot Chat in VS Code, showing how “cheaper per token” can still mean higher costs, higher variance, and worse output quality depending on the workload.
Connor Peet explains how VS Code’s Agent Host Protocol changes the way coding agents run and stay connected, moving beyond window-bound local agents to sessions that can persist, sync state across machines, and support remote, long-running workflows.
This week's ML roundup focuses on making Microsoft Fabric deployments more governable and production-ready, from delegated OneLake shortcuts that tighten zero-copy security across workspaces and tenants to new outbound access controls for Real-Time Intelligence (RTI). On the streaming side, Eventstream connectors picked up practical upgrades like private networking, Kafka and Service Bus support, and mTLS, while preview features point to broader CDC and IoT ingestion coverage. We also saw Fabric move further toward repeatable operations with a public data agent API, GA item recovery with REST restore, and an AI-assisted CLI path for migrating Synapse Spark and pipelines. Outside Fabric, SkillOpt and MCP-based SQL Server tooling both reinforce a shared lesson for agent builders: skills, tools, and permissions are the control plane that keeps agent behavior reliable and bounded.
kinfey explains why “token economics” has become a core architecture concern for agentic AI systems, using GitHub Copilot’s shift to usage-based billing as a concrete framing. The post breaks down practical engineering techniques—compression, caching, routing, and short-term memory—and shows how to evaluate cost, quality, and reliability together.
This week in DevOps, the common thread was making operational change more repeatable, reviewable, and safer. Azure Chaos Studio introduced scenario-based Workspaces with reports tied to Azure Monitor signals, while Azure Monitor added Dynamic Thresholds for Prometheus and OpenTelemetry metric alerts to cut noise without relying on static thresholds. On the CI and governance side, GitHub tightened least-privilege defaults (including read-only cache tokens for untrusted triggers), reduced secret sprawl by letting Copilot CLI use GITHUB_TOKEN in Actions, and expanded enterprise security controls across secret scanning, license compliance rulesets, and upcoming Dependabot alert retention changes.
Welcome to this week's Weekly AI Roundup, where the common thread is taking agentic AI from demos to operations: more automation, more guardrails, and more ways to prove what happened. Azure pushed reliability toward standardized, automatable determinations with its internal "Brain" system and scenario-first Chaos Studio Workspaces that can plug into Copilot and MCP. GitHub Copilot news focused on enterprise governance and spend controls (managed-settings.json, credit pools, session limits, and audit-grade agent session streaming) alongside rapid model lineup changes and the approaching GitHub Models shutdown. Across MCP, Foundry, Fabric, and IDEs, the story is clear: tool use is expanding (browser automation, vision inputs, CI diagnostics), so security, provenance, and repeatable evaluation need to expand with it.
Welcome to this week's GitHub Copilot roundup, where the story is equal parts model churn and operational control. New model options landed (Claude Sonnet 5 and Kimi K2.7 Code GA, Claude Opus 4.8 fast mode preview) while GitHub signaled upcoming removals for Gemini 2.5 Pro and Gemini 3 Flash, making policy audits and fallback planning a practical admin task. In the IDE, Copilot keeps pushing into agent workflows with vision attachments, browser tools in VS Code, and JetBrains support via ACP, backed by better session UX and usage visibility. On the governance side, managed-settings.json, cost-center budgets, session streaming, and CLI/SDK credit limits make it easier to enforce guardrails while still letting teams use agents in editors, CI, and tool-driven workflows.
Welcome to this week's Azure roundup, where reliability and agentic workloads got more concrete across the platform. Chaos Studio moved closer to repeatable resilience testing with Workspaces and scenario reports tied to Azure Monitor, while Azure Monitor added Dynamic Thresholds for Prometheus and OpenTelemetry to catch anomalies without constant retuning. On the agent side, updates ranged from the kars runtime on AKS and MCP tooling patterns on Azure Functions to new security guidance on tool description poisoning, with a consistent message: automation only works in production when identity, governance, and auditability come first.
Welcome to this week's Security roundup, where agent governance moved from design guidance to concrete tooling across Kubernetes, developer IDEs, and Microsoft Security. We look at kars and AGT patterns for isolating and auditing agent behavior, plus new mitigations for MCP risks like tool metadata poisoning and untrusted server connections. On the platform side, GitHub tightened CI and audit controls (read-only cache tokens, reduced PAT use, Copilot session streaming) and expanded secret scanning into a more operational model. We also cover integrity and egress controls in Azure and Fabric, and why resilience drills and a faster post-quantum timeline mean security planning needs to start earlier.
Welcome to this week's .NET Roundup. Microsoft set a clear planning deadline with .NET 8 and .NET 9 ending support on November 10, 2026, pushing teams to budget upgrade work toward .NET 10 and revisit TargetFramework and dependency constraints. On the AI tooling side, the focus shifted from chat-based demos to repeatable workflows: MCP-powered build diagnostics in GitHub Actions, practical auditing and OpenTelemetry for agent governance, and patterns for building tools (Functions, search) with safer data access. We also saw platform-focused updates like SkiaSharp 4 for .NET MAUI, a C# preview feature for closed class hierarchies, Azure Blob client-side integrity checks reaching GA, and a useful warning about ambiguous routes when inheriting ASP.NET Core controllers.
Justin Bettencourt summarizes the June 2026 Azure SDK releases, highlighting new generally available Python client libraries for Azure AI Transcription and Microsoft Planetary Computer Pro, plus initial beta releases for Java and Python management/client libraries, with links to full release notes across supported languages.
Authorised Territory demonstrates how to show LLM token usage in a .NET console app built with the .NET Agent Framework while running a local model via Ollama, focusing on making token consumption visible during agent execution.
The VS Code Team shares results from a two-week production experiment with OpenAI that tuned the GPT-5.5 system prompt used by the VS Code coding harness. It explains the prompt variants tested, the metrics used to judge quality vs speed/cost, and why the winning prompt became the new default.
Automatically Route Azure Service Health Alerts to the Right Service Owners Using Agentic Logic Apps
Arpit_MSFT shows how to route Azure Service Health alerts to the right team automatically by using Azure Monitor Action Groups to trigger an Autonomous Agent Logic App, backed by a simple service-to-owner mapping (for example, a CSV in Azure Blob Storage) with a default fallback recipient.
John Edward explains how to get more out of Windows Terminal on Windows 11, focusing on practical workflow improvements like profiles, tabs, split panes, the command palette, and keyboard shortcuts, plus common setups for PowerShell, WSL, Git, and Azure CLI.
GitHub introduces GitHub Copilot code review “medium depth” reviews (public preview), showing how the higher-reasoning review mode can produce longer, more thorough pull request feedback for complex logic and security-sensitive changes, and how admins can enable it at the repository or organization level.
John Savill shares a short weekly roundup of Azure changes and announcements from 3rd July 2026, including VM restore point improvements, new blob integrity capabilities, storage migration updates, PostgreSQL tooling, Azure AI Foundry news (including Claude models), GitHub Copilot model updates, and quantum-safe security items.
Jack Tracey announces that Azure landing zone (ALZ) has moved from a community-led open-source initiative to an officially owned Microsoft product under the Azure Migrate team, while keeping the existing repos and consumption model unchanged for users.
Allison details three changes to the GitHub Copilot usage metrics API that improve reporting completeness for Copilot CLI activity, IDE identification, and AI credit attribution—helping orgs and enterprises get more reliable usage and consumption data from the REST API.
Allison announces the July 31, 2026 deprecation of Gemini 2.5 Pro and Gemini 3 Flash across GitHub Copilot experiences, and explains what Copilot Enterprise admins and teams need to change to keep using supported models.
Allison announces that GitHub Copilot CLI can now authenticate in GitHub Actions using the built-in GITHUB_TOKEN, removing the need to manage long-lived personal access tokens. The post also explains the required Copilot policy and workflow permission, plus options for tracking and controlling organization-billed AI credit spend.
GitHub walks through recent updates from the GitHub Changelog and demos experimenting with “canvases” inside the GitHub Copilot app, focusing on what’s new and how the tooling behaves in practice.
Allison announces a public preview for streaming GitHub Copilot agent session data in GitHub Enterprise Cloud, giving enterprises visibility into prompts, responses, and tool calls via a streaming endpoint or a REST API, with Microsoft Purview supported as a streaming destination.
Aaron Merrill explains how OneLake security works with Microsoft Fabric shortcuts to enable zero-copy data distribution. He breaks down passthrough vs delegated shortcuts, how permissions are evaluated (including intersection behavior), and when each model fits—especially for large-scale sharing, cross-tenant scenarios, and external storage sources.
shiv_narayanan introduces Delegated OneLake Shortcuts (preview) in Microsoft Fabric, a new authentication option that lets teams share OneLake data at scale using a configured connection identity instead of per-user pass-through access, including support for cross-tenant scenarios and OneLake security controls.
Allison announces AI credit pools for GitHub cost centers, letting enterprises cap how much of their monthly included Copilot AI credits each cost center can consume via the REST API, helping keep spend allocation aligned with the licenses assigned to each group.
Microsoft Developer walks through setting up Azure DevOps Pipelines for SQL projects created from SSMS Database DevOps or the VS Code SQL database projects extension, including build, code analysis, and iterative deployments to Azure SQL Database with security basics like firewall rules and passwordless auth.
Natalie Guevara explains how GitHub reduced 20,000+ secret scanning alerts across 15,000 repositories to zero by separating noise from real risk, validating whether credentials were still live, and building repeatable remediation and ownership workflows that scale across teams.
Mark Russinovich introduces Brain, Azure’s internal AIOps “reliability intelligence” layer that builds a digital twin of Azure health by combining telemetry, dependency graphs, and customer impact signals to drive faster detection, clearer scoping, and automated operational actions.
Raji Dani explains how Microsoft is tightening security across the Cloud Solution Provider (CSP) ecosystem, focusing on partner vetting, mandatory tenant security requirements, least-privilege delegated access to customer tenants, and stronger monitoring and incident response to reduce partner-to-customer attack paths.
Gali Reznick and coauthors announce preview support for Workspace Outbound Access Protection (OAP) across key Real-Time Intelligence experiences in Microsoft Fabric, explaining what outbound paths are allowed or blocked and how admins can reduce data exfiltration risk with workspace-level rules.
Fokko at Work demos what’s new for GitHub Copilot in Visual Studio Code 1.127, focusing on agent and chat workflow improvements like session organization, UI banners, review feedback in the editor gutter, and tools for troubleshooting agent behavior, plus visibility into subagent credits and plan/policy limitations.
daisami walks through adding production-grade auditing and telemetry to AI agents using Microsoft’s Agent Governance Toolkit (AGT) in a .NET (C#) sample. It shows how to append governance events to Azure Blob Storage, export OpenTelemetry metrics/traces to Application Insights, and apply default-deny policies with practical security guidance for log sanitization.
yairgil introduces Dynamic Thresholds (Preview) for query-based metric alerts in Azure Monitor, showing how Azure can learn per-time-series baselines for Prometheus and OpenTelemetry metrics. The post includes PromQL examples for AKS CPU anomaly detection and p95 latency regression alerting, plus practical query design tips to reduce noisy alerts.
GitHub shares a “Rubber Duck Thursday” update video highlighting what’s new and where to follow ongoing GitHub announcements across its official channels.
aakarshdhawan walks through how to enable Microsoft Entra ID B2B guest access for Power Apps (Canvas and Model-driven) that use Microsoft Dataverse, including the tenant invitation flow, environment access, licensing requirements, and Dataverse security roles needed to validate least-privilege access for external users.